Risk management and assurance

Risk management

The ASC’s risk management framework assists the Commission to manage the risks involved in its activities to optimise opportunities and minimise adverse consequences. At the highest level, the ASC’s organisational risk register highlights the key strategic risks and controls, while the business continuity and emergency response plan, internal audit program and fraud control plan are important components of the risk management framework.

Key risk management activities undertaken during 2015-16 included:

  • quarterly review and reporting against the ASC’s organisational risk register
  • further maturing risk management processes with closer links between risk management and ASC business planning
  • completion of the Comcover risk management benchmarking survey
  • implementation of regular organisational health reporting to the ASC Executive.

Internal audit

The ASC’s internal audit program provides independent, management-orientated advice on the ASC’s operations and performance. The objective of internal audit is to:

  • provide assurance to the ASC Executive and the Finance, Audit and Risk Committee that the key risks to achieving the ASC’s objectives are being appropriately mitigated
  • assist management to continuously improve business performance.

During 2015-16, the ASC continued its contractual relationship with PricewaterhouseCoopers for delivery of the internal audit program. The annual internal audit plan focused on key areas of operational risk and the development of the plan was informed by discussions with management, business planning and the ASC’s assurance map. Throughout the year the Finance, Audit and Risk Committee maintained oversight of the internal audit program and implementation of open internal audit recommendations.

The following audits were completed during 2015-16 as part of the ASC’s internal audit program:

  • control of corporate credit card use
  • review of payroll processes
  • review of progress of information security audit recommendations.


The ASC continued to fulfil its requirements in relation to fraud control, taking all reasonable measures to minimise the incidence of fraud and to investigate and, to the extent possible, recover the proceeds of fraud against the Commission. The ASC has a documented fraud risk assessment and fraud control plan, and has in place appropriate fraud prevention, detection, investigation, reporting and data collection procedures and processes to meet the specific needs of the Commission.

During 2015-16, the ASC implemented recommendations from the 2015-17 Fraud Control Plan to strengthen internal controls and further promoted the fraud awareness training package to new Commission staff members. During the reporting period, one instance of suspected fraud was reported to the ASC and addressed in accordance with the ASC’s Fraud Control Plan.

Indemnities and insurance

The ASC is insured through the Australian Government’s self-managed fund, Comcover. Insurance includes directors’ and officers’ liability cover to the extent permitted by the PGPA Act. The entire premium is paid by the ASC. In 2015-16 the ASC did not give any indemnity to a current or former officer of the Commission.